Brakeman – Rails Security Scanner

Static analysis of application source code is an important way to find security vulnerabilities. If you need to check a Ruby on Rails application, you can use Brakeman. The project is intended to find security problems in Ruby on Rails application source code at any phase of development. It works on Rails 2.x, 3.x, and 4.x. Each warning in the report carries one of three confidence levels (how sure Brakeman is that the warning is a real problem, not how severe the problem would be):

High: user input is used directly in an unsafe way; these warnings are very likely real problems.

Medium: a variable is used in an unsafe way, but Brakeman cannot tell whether it holds user input.

Weak: user input is used indirectly in a potentially unsafe way.

False positives can be reduced by choosing which checks to run (brakeman -t Check1,Check2) or which checks to exclude (brakeman -x Check1,Check2). There is also a plugin for Jenkins/Hudson. The tool can be downloaded from: https://github.com/presidentbeef/brakeman
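One way to consume the report in a build pipeline, as an added example that is not Brakeman's own code or the Jenkins plugin: a small Ruby script that reads a Brakeman JSON report (produced with brakeman -f json -o brakeman.json), counts warnings per confidence level, lists the ones that meet a chosen confidence threshold, and returns a non-zero status so the build fails. The report embedded below is a constructed sample trimmed to the fields the script reads; the numeric ranking of the three levels and the function names are the script's own, not Brakeman's.

```ruby
#!/usr/bin/env ruby
# Gate a CI build on Brakeman findings. Reads a JSON report written by
# `brakeman -f json -o brakeman.json` and fails when any warning is at or
# above a chosen confidence level. Added example, not part of Brakeman.
require 'json'

# Brakeman's three confidence levels, ranked so they can be compared.
# The numeric ranks are this script's own convention.
CONFIDENCE_RANK = { 'High' => 3, 'Medium' => 2, 'Weak' => 1 }.freeze

# Constructed sample of a Brakeman JSON report, trimmed to the fields this
# script reads. Single-quoted heredoc so the #{...} in the code stays literal.
SAMPLE_REPORT = <<~'JSON'
  {
    "warnings": [
      {
        "warning_type": "SQL Injection",
        "message": "Possible SQL injection",
        "file": "app/controllers/users_controller.rb",
        "line": 12,
        "code": "User.where(\"name = '#{params[:name]}'\")",
        "confidence": "High"
      },
      {
        "warning_type": "Cross-Site Scripting",
        "message": "Unescaped model attribute",
        "file": "app/views/users/show.html.erb",
        "line": 3,
        "code": "raw(User.find(params[:id]).bio)",
        "confidence": "Medium"
      },
      {
        "warning_type": "Redirect",
        "message": "Possible unprotected redirect",
        "file": "app/controllers/sessions_controller.rb",
        "line": 20,
        "code": "redirect_to(target_path)",
        "confidence": "Weak"
      }
    ]
  }
JSON

# Parse the report and return its warnings; refuse entries whose confidence
# is not one of the three known levels instead of silently ranking them low.
def parse_report(json_text)
  warnings = JSON.parse(json_text).fetch('warnings', [])
  warnings.each do |w|
    next if CONFIDENCE_RANK.key?(w['confidence'])
    raise ArgumentError, "unknown confidence #{w['confidence'].inspect} in #{w['file']}"
  end
  warnings
end

# Number of warnings at each confidence level, always reporting all three keys.
def count_by_confidence(warnings)
  counts = { 'High' => 0, 'Medium' => 0, 'Weak' => 0 }
  warnings.each { |w| counts[w['confidence']] += 1 }
  counts
end

# Warnings whose confidence is at least `threshold`, most confident first,
# then by file and line so the output is stable between runs.
def warnings_at_or_above(warnings, threshold)
  min = CONFIDENCE_RANK.fetch(threshold)
  warnings
    .select { |w| CONFIDENCE_RANK[w['confidence']] >= min }
    .sort_by { |w| [-CONFIDENCE_RANK[w['confidence']], w['file'], w['line'].to_i] }
end

# One-line summary of a warning for the build log.
def format_warning(w)
  format('[%-6s] %s %s:%d: %s', w['confidence'], w['warning_type'], w['file'], w['line'], w['message'])
end

# Process exit status for the gate: 1 if anything at or above the threshold remains.
def ci_exit_status(warnings, threshold)
  warnings_at_or_above(warnings, threshold).empty? ? 0 : 1
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]                      # report file; the sample is used if omitted
  threshold = ARGV[1] || 'Medium'     # fail on Medium and High by default
  warnings = parse_report(path ? File.read(path) : SAMPLE_REPORT)
  puts 'Brakeman warnings: ' + count_by_confidence(warnings).map { |k, v| "#{k}=#{v}" }.join(', ')
  warnings_at_or_above(warnings, threshold).each { |w| puts format_warning(w) }
  status = ci_exit_status(warnings, threshold)
  puts "exit status for threshold #{threshold}: #{status}"
  exit(status) if path                # only fail the process for a real report
end
```

Run it as `ruby brakeman_gate.rb brakeman.json High` to fail only on High confidence warnings, or with `Medium` (the default) to also fail on Medium. Weak warnings are still listed when the threshold is Weak, but gating on them usually produces more noise than signal; a better place to silence a known false positive is a narrower set of checks (-t / -x) than a lower threshold.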